Business Intelligence – Oracle

Archive for May 19th, 2008

BI EE 10.1.3.3.3/2 – Hyperion Essbase Security – Zeroes for No Access

Posted by Venkatakrishnan J on May 19, 2008

Both Hyperion Essbase and BI EE have very good security models. Now that we have the connectivity to Essbase from BI EE, i thought i would test out the security integration between the two. One of the first things that i wanted to test was to find out how the Essbase Security propagates into the BI EE security model. Lets start the test with a simple cube/database having 2 dimensions LOB and YEAR and a measure AMOUNT. Now, lets define one more user in our Essbase server (user1) who would have read access to this cube.

    

    

As a next step lets define a filter in the Essbase cube which would restrict access to the LOB dimension and all its members. This filter can be achieved using the below maxL script.

create or replace filter 'POA'.'Poa'.'filter2'
no_access on '@DESCENDANTS ("LOB")'

Now, assign this filter to the user user1.

    

Once this is done, lets first see what happens when we try to view the cube’s data as user1 from with the excel add-in.

    

    

As you see, since this user does not have access to the other dimension members of the LOB dimension we get “No Access” message for all the members of the LOB dimension. But for the YEAR dimension alone, for which user1 has access, we get the data. Lets see what happens in BI EE. The first step is to import the cube as an Admin user (or an user with Application read/write privilege). Once this done, change the username in the connection pool as user1.

    

Now create BM and PL layers for this imported cube and try creating a simple report using this cube.

    

Strange that we are getting zeroes here instead of an error message (which i was expecting). But data is shown correctly for other dimensions for which this user1 has access to.

    

This is something you would have to be aware of while using the BI EE-Essbase connectivity. Not every user/management would be happy if you show them zeroes instead of a No Access message. But this can be circumvented by assigning one more layer of BI EE security on top of the Essbase dimensions.

Advertisements

Posted in All Posts, Hyperion Essbase, OBI EE Plus | 5 Comments »